Analogy in CLAM Erica Melis y
Abstract
CLAM is a proof planner, developed by the Dream group in Edinburgh,
that mainly operates for inductive proofs. This paper addresses the question
how an analogy model that I developed independently of CLAM can be
applied to CLAM and it presents analogy-driven proof plan construction as a
control strategy of CLAM . This strategy is realized as a derivational analogy
that includes the reformulation of proof plans. The analogical replay checks
whether the reformulated justications of the source plan methods hold in
the target as a permission to transfer the method to the target plan. Since
CLAM has very ecient heuristic search strategies, the main purpose of
the analogy is to suggest lemmas, to replay not commonly loaded methods,
to suggest induction variables and induction terms, and to override control
rather than to construct a target proof plan that can be built by CLAM
itself more eciently.
1 Introduction
Analogy is a heuristic problem solving strategy that guides the problem solving of
a target problem, which is similar to a source problem, by using the source problem solving. There are at least two dierent paradigms for analogy: derivational
analogy [Carbonell 86] and transformational analogy [Carbonell 83]. Derivational
analogy guides the target solution by replaying decisions of the source problem
solving process, and it uses information available during this process only, e.g., the
justications for the decisions made. Transformational analogy transforms only
the nal source solution to satisfy the constraints of the target problem.
The analogy-driven proof plan construction in [Melis 95] was originally developed
for the -MKRP environment [Huang et al 94a, Huang et al 94b] with its method
This research was supported by HC&M grant CHBICT930806.
Department of Articial Intelligence, University of Edinburgh, 80 South Bridge, Edinburgh
EH1 1HN; Email:[email protected], on leave from University of Saarbrucken, Germany
y
1
Analogy in CLAM
2
data structures and planner. Now a question was whether this analogy model
can be applied in another proof planner as well and which of its purposes and
techniques are dependent on the actual planner.
Because of the huge search space in general (proof) planning, usually the main
purpose of analogy is to guide the search for methods. CLAM 's search for methods,
however, is quite restricted already because inductive theorem proving is a rather
goal-directed type of mathematical reasoning and CLAM uses ecient search heuristics such as rippling. Therefore analogy might be helpful or eciently used only
if CLAM 's proof planning breaks down. Hence, the focus of applying analogy in
CLAM will be dierent, although we shall use the model of theorem proving by
analogy in [Melis 95].
This paper is organised as follows. First, I briey review the proof planning in
CLAM and the model of analogy-driven proof plan construction. In section 4
the purposes of analogy in CLAM are discussed. In section 5.1 the matchings
underlying the reformulations and the reformulations themselves are described. In
section 5.3 the analogical replay is introduced along with the justications of CLAM
methods. A comprehensive appendix contains examples referred to throughout the
whole paper.
I assume the reader to be familiar with proof planning and notations of CLAM .
For a comprehensive introduction see [Bundy et al 91a].
2 Proof Planning in CLAM
A proof plan is an abstract representation of a proof that consists of methods
corresponding to tactics. A tactic executes a number of logical inferences. In the
proof planning context a method is a (partial) specication of an available tactic
[Gordon et al 79]. Proof planning exploits the information encoded in methods to
build tactics tailored for the goal at hand. Proof planning constructs proof plans
that are trees1 of method nodes which are connected by sequents, called goals2 .
The execution of a complete plan, i.e. without open goals, yields a proof of the
top goal.
Proof planning has been introduced in [Bundy 88] in order to restrict the search
in theorem proving. Proof planning has been applied successfully to inductive
theorem proving by the Edinburgh proof planner CLAM [Bundy et al 91b]. This
required to analyze families of inductive proofs and to identify common patterns
in them which provide proof plans that can guide future proofs from the same
family.
Fortunately, inductive theorem proving is itself goal-directed and inductive proofs
reveal a certain pattern. Furthermore, strong domain-specic heuristics have been
1
2
or more generally, forests
in backward planning
Analogy in CLAM
3
discovered for inductive proofs, such as rippling [Hutter 90, Bundy et al 93], that
restrict the search for methods. Rippling systematically uses so-called wave-rules
to eliminate dierences between the induction hypothesis and the induction conclusion. To that end it considers goal expressions which are annotated by so-called
wave-fronts (indicated by boxes), i.e. terms that appear in the induction conclusion but not in the induction hypothesis. So-called wave-holes are indicated by
underlining. If, for instance, the induction hypothesis is
(x + y) + z = x + (y + z);
then the induction conclusion is
( s(x) + y) + z = s(x) + (y + z):
If we remove the structure of the not underlined parts of the boxes, then we
obtain the skeleton which equals the induction hypothesis. Rippling systematically
applies wave-rules that move or remove the wave-fronts in order to obtain an
expression that matches the induction hypothesis. Wave-rules are rewrites with
the same kind of annotation that encode terminating annotated rewriting.
The methods of CLAM have the form (see [vanHarmelen et al 93])
method(name(...Args...),
H==>G,
[...Preconditions...],
[...Postconditions...],
[...Outputs...],
tactic(...Args...)
% name slot: Prolog term
% input slot: sequent,
H hypotheses, G goal
% precondition-slot: list of conjuncts
% postcondition-slot: list of conjuncts
% output slot: list of sequents
% tactic slot: Prolog term
Version3 of CLAM , to which I refer throughout this paper, works with the following
methods:
elementary applies if current method is easily provable using some pro-
positional and equational reasoning, and very elementary facts
equal checks whether there is any equality Term=Var among the hypotheses. If so, it uses the equality to rewrite all hypotheses and the goal in a
denite order @<.
eval def symbolically evaluates a term in the goal by applying one of its
dening equations.
fertilize uses the induction hypothesis to rewrite the current goal or match
the current goal with the induction hypothesis.
Analogy in CLAM
4
generalise replaces a common subterm in both halfs of an equality, or
implication, or inequality by a new variable.
normal removes the implication from an implicational goal and appends
the antecedens to the hypotheses.
wave nds a subexpression to which a (conditional) wave-rule applies, where
the condition of the rule is required to hold already.
induction chooses induction variables and an appropriate induction scheme.
Its output are the subgoals for the base case and the step case (induction
conclusion).
CLAM 3 constructs a proof plan as a set of nodes which are data structures with
the following slots:
PlanName: the name of the conjecture being planned.
Address: the address of the node within the plan tree.
Hypotheses: the goal hypotheses.
Conclusion: the goal conclusion.
Status: the status of the goal sequent, open or closed.
Subst: list of substitutions generated for meta variables in the goal sequent.
Method: the method chosen by the planner at that node
Preconds: successful and failed method preconditions tested at that node.
Count: number of subgoals.
Backward proof planning starts with the conjecture as an open goal g. It searches
for a method M applicable to an open (sub)goal g and introduces M into the proof
plan. The subgoals gi produced by the application of M become the new open
subgoals whereas g gets the status \closed". The planning continues to search for
a method applicable to one of the open goals. CLAM plans backward only.
3 Analogy-Driven Proof Plan Construction
The analogy in [Melis 95] works at the proof plan level and employs both the derivational and the transformational paradigm by reusing control knowledge (justications) from the source planning process and by transforming the source proof
plan via reformulations.
Analogy in CLAM
5
Some proof plans can be transferred even if the formal proofs cannot be transferred. For instance, an -MKRP method calling an automated theorem prover
can provide dierent formal proofs in the source in the target when executed.
Similarly, the elmentary method can yield dierent formal proofs for source and
target when executed; and wave or eval def may have to remove a dierent
number of quantiers which causes dierent formal proofs when the plan is executed. Even more obvious is the advantage of analogically replaying proof plans
if a transfer of hierarchically superior methods is possible only and the transfer of
details fails.
Reformulations do more than just instantiate variables. They are mappings of
a proof plan to a proof plan3. Reformulations encode mathematical heuristics
on how a proof plan changes depending on certain changes of the problem to be
proved or of the proof assumptions. In general, reformulations may insert, replace,
or delete methods, may change methods, sequents, and justications of proof plan
nodes. A reformulation can be triggered by the match obtained between a source
(sub-)goal with a target (sub-)goal or between source assumptions and target
assumptions.
The analogy-driven proof plan construction in [Melis 95] assumes that a source
proof plan is given. It follows the parametrized source proof plan4 in order to construct a target plan. The source plan is linearised, i.e., ordered by the sequence
in which the nodes have been added to the source plan. As in [Veloso 94], justications, that encode reasons for the decisions made, annotate the source plan
nodes. These justications capture the subgoaling structure (the tree structure)
of a plan and point to reasons for the decisions, such as application conditions
of a method, user-given guidance, hierarchical information, or pre-programmed
control knowledge.
Analogy-driven proof plan construction works as a control strategy for proof planning and replays planning decisions of a reformulated source proof plan if their
justications are satised in the target (see Table 1). Otherwise, the analogical replay tries to establish certain justications or interleaves analogy with to base-level
planning. Base-level planning is proof planning that is not guided by analogy.
The analogical replay skips a source method if the status of the corresponding
target goal g is closed rather than open, that is, if g is an instantiation of an
assumption. Then the next source goal is considered, i.e., a source method that
became redundant in the target is skipped. New subgoals can be introduced by
the analogical replay to establish justications and proof assumptions.
Reformulations usually, but not necessarily, preserve the veriability of methods in a plan.
In the -MKRP environment a method M is called veriable if given the preconditions of M,
the method yields a correct proof of the postconditions of M in case the constraints of M are
satised. Note that the method slot names are dierent from those in CLAM
4 in which instantiated parameters are replaced by a certain kind of variables
3
Analogy in CLAM
6
input: linearised source plan, (open) target goal
output: target plan
1. while there are open target goals do
2. if source plan is exhausted, then base-level plan for the open goals.
3. Get next (sub)goal P from source plan.
4. if there is a reformulation , such that P matches an open target goal gT
for which the justications hold, then
reformulate source plan by and link gT to source plan.
if gT is an open goal, then
Select from the reformulated source the relevant
method M. Apply an appropriate reformulation
triggered by the justications of M.
Check M's justications. If they hold, link M to the
source plan and update open goals.
if a justication does not hold, then choose suitable
action:
Try to establish the justications by other
means.
Or base-level plan.
Table 1: Simplied analogy-driven proof plan construction
4 Purposes of Analogy in CLAM
What can analogy buy for inductive theorem proving with CLAM ? I briey discuss
some advantages and refer to examples (written in typewriter font) given in the
appendix of this paper. There A-B denotes the example with the source A and the
target B. Roughly, inductive theorem proving by analogy can:
provide a plan for a conjecture for which base-level planning does not succeed
with a plan, e.g., for div3term (from div3-div3term) and doublehalf (from
halfdouble-doublehalf), and for times2right (from plus2right-times2right),
obtain a proof plan for the target theorem that is considerably shorter than a
plan built by base-level planning, e.g., for halfplus from comp-halfplus2.
In more detail, analogy in CLAM oers the following features:
1. The analogy suggests an induction in the target case, i.e.,
(a) the analogy can suggest induction variables and existentially quantied
variables to be instantiated (IE-variables) (all examples),
Analogy in CLAM
7
(b) the analogy can suggest induction terms (all examples),
2. The analogy can suggest lemmas in the target case, e.g., in assp-assm,
halfplus2-lenapp,
3. The analogy can avoid the application of critics as dened in [Ireland & Bundy 94]:
The analogical replay can suggest lemmas and thus avoid the application of
the lemma discovery critics in the target, e.g., for lenapp-halfplus2.
Since the analogy can suggest an induction term, it can avoid the application
of the induction revision critic in the target, e.g., in
halfplus2-lenapp,
4. The analogy can guide non-inductive subproofs, e.g., in div3-div3term.
5. The analogy may suggest plan islands for proof planning which can then be
tackled by reasoning backward from the next transferred subgoal. Example:
assp-assm in case the distributivity axiom is not given for assm,
6. Analogy may nd generalisations via analogy, e.g., for assapp-assplus1,
where variables are generalised apart guided by analogy mapping constraints,
7. Analogy can suggest the application of a not commonly loaded method, e.g.
normal, if this method was loaded for the source planning and is transferred
to the target, for instance, for div3-div3term,
8. Analogy can guide the application of a method even if a heuristic precondition does not hold as, e.g., for zerotimes1-zerotimes3. Analogy is a
control strategy for planning that can overwrite heuristic preconditions.
5 Analogy in CLAM
In order to use the analogy-driven proof plan construction for CLAM we have to
consider analogical transfer for backward planning situations only. This yields the
simplication of the procedure already assumed in Table 1.
For analogy, the structure of the plan nodes, as presented above, has to be augmented by a justication slot containing dierent kinds of justications which
are explained in detail below: l-justications, e-justications, p-justications, and
IF-equations.
A somewhat elaborate analogy must allow for mappings that map a function
symbol at dierent positions in the source theorem (or in the source rewrites) to
dierent target functions (i.e., lambda terms)5. For this purpose, source function
symbols at dierent positions are dierentiated by additional indices. Because of
Even more elaborate mappings are conceivable that map arbitrary functions (lambda terms),
to functions
5
Analogy in CLAM
8
the rippling heuristic in CLAM , the functions that belong to the skeleton of a waverule have the same index on both sides of the wave-rule. Dealing with indexed
function symbols while running CLAM yields additional information relevant for
the replay of methods, namely a sequence of IF-equations of the form fi = fj . In
the source planning process these IF-equations result from matching an expression
from a goal with a rewrite or with a hypothesis, or from equalities used by the
method elementary. The IF-equations can be obtained by slightly extending the
matching in CLAM . The IF-equations belong to the justications of the respective
method and restrict the analogical mappings.
CLAM 3 does not work with hierarchical methods and, hence, hierarchy information
will not be included into the justications throughout this paper. Potentially,
however, hierarchy information has to be part of the justications if available.
After parametrizing the source plan nodes, the analogy in CLAM consists of the
subprocesses
1. Find the best6 match of the source conjecture with the target conjecture and
of the source rewrites with target rewrites, restricted by heuristics7.
2. Replay the source plan which includes to apply reformulations.
3. Base-level plan for any open goal.
These subprocesses are explained in the following sections. As discussed in section
5.2, certain matchings determine reformulations of the proof plan which go beyond
a pure mapping. Reformulations of the source proof plan are an important part
of the analogical replay. Here, I consider reformulations that change the proof
plan but do not change single methods. I shall rst discuss the matchings and
their restrictions, then suggest corresponding reformulations, and nally present
the analogical replay in CLAM .
5.1 Matching
First a basic mapping mb is constructed that matches the source and the target
conjecture. The basic mapping is then expanded by an extended mapping me of
source with target rewrites.
5.1.1 Basic Matching
The theorem tree ts is the parse tree of the source theorem. A ripple tree tsr of
a source theorem is the subtree of its theorem tree ts that contains the successful
\Best" will consider heuristics such as as many IF-equations as possible should be satised.
Actually, the matching and derivational replay should be interleaved. The separation is for
eciency reasons but it may turn out not to work well.
6
7
Analogy in CLAM
9
rippling paths with all the induction variables and existentially quantied variables
to be instantiated, jointly denoted as IE-variables. The example in Figure 1 shows
the theorem trees of lenapp and halfplus2 with the ripple paths as bold lines.
In the gure the source IE-variable is x and the target IE-variable is x.
=
x
=
len
len
half
half
app
app
plus
plus
y
y
x
x
y
y
x
Figure 1: Parse trees of lenapp and halfplus2
A basic match establishes the basic mapping mb in order to match the parametrized source theorem with the given target theorem. mb has to be a second-order
substitution because source function symbols can be mapped to target functions.
mb maps the source theorem tree ts to the target theorem tree tt and thereby it
maps the ripple-subtree tsr of the source theorem tree ts to a subtree ttr of the
target theorem tree tt. In order to successfully transfer the methods of the source
plan, in particular from the step case subplan, the rippling paths in the target tree
should be similar to the rippling paths in the source tree. That is, ttr should be a
target ripple-subtree.
Labelled Fragments
Therefore we propose constraints for mb that heuristically preserve the ripple
paths. Such a heuristic makes the analogy dependent on the rippling used in
the source proof and, thus, it is tailored for transferring the step case of a proof
plan. We could buy more generality for less restriction of the mapping.
Since labelled fragments, introduced in [Hutter 94], heuristically determine the
successful rippling paths we require mb to preserve labelled fragments or to change
labelled fragments in a controlled way that leads to similar successful rippling
paths. Figure 2 displays labelled fragments of some functions. Labelled fragments
provide an abstract representation of wave-rules and allow for reasoning about
the whole ripple process. The labelled fragments of function/relation nodes in a
theorem tree heuristically determine the ripple paths and the set of IE-variables.
The ripple paths in a theorem tree abstractly encode the consecutive application of
the wave-method relying on the wave-rules the labelled fragments are built from.
According to [Hutter 94], labelled fragments are rather insensitive to missing lemmas. This means that if a function f has a labelled fragment, constructed from
Analogy in CLAM
even
even
10
half
half
plus
plus
<>
<>
Figure 2: Labelled fragments
f 's denition or other rewrites, that contributes to an abstract ripple path in the
theorem tree, and if a particular lemma is missing for the concrete rippling at a
node N, then a lemma can likely be proven that can be used for rippling at N of
the theorem tree. This heuristic is highly desirable for analogies because analogy
should work despite missing lemmas.
It is even more sensible to base mb on labelled fragments if the induction
method determines the IE-variables by reasoning about fragments (as, e.g., in
INKA [Hutter 94]). Then the relevant fragments are computed anyway.
Match Constraints
If the tree structure and the labelled fragments are preserved by mb, then the
abstract reasoning about the ripple process is the same for source and target and
yields corresponding IE-variables and corresponding ripple paths. Then mb(tsr ) =
ttr heuristically constitutes a ripple subtree in the target in which the images of
IE-variables of the source are IE-variables of the target.
mb is a second-order substitution of the indexed source theorem with the target
theorem that maps IE-variables to target terms and functions/terms to target
functions/terms. We restrict mb by the following constraints (for controlled exceptions see section 5.2).
b1 mb preserves the labelled fragments of the nodes of tsr.
b2 IE-variables are mapped to target terms. Those target terms occur in the
subtree ttr of the target theorem tree only. This ensures that target rippling
cannot take place outside mb(tsr ).
b3 If an image ti of an IE-variable also occurs at position P in an image of
a source term which does not belong to the IE-variables, then ti has to be
renamed at position P . This ensures that target IE-terms are images of
source IE-variables only. This constraint may generalise variables apart8 in
the target as in the example assapp-assplus1.
That is, generalise a conjecture by replacing variables with several occurrences by new
variables in places.
8
Analogy in CLAM
11
The problem of generalizing variables apart is a dicult one (see, e.g.,
[Hesketh 91].). In some cases, i.e., if an appropriate source is available,
the generalisation can be guided by analogy as a byproduct of b3. 9
b4 We get into trouble if in the source a universally quantied variable x is
actually used as a sink in rippling and mb(x) is an existentially quantied
target variable which cannot be used as a sink. Hence we do not allow mb
to map a universally quantied variable to an existentially quantied one.
Maybe this constraint can be loosened later on.
b5 In order to reduce the search for mappings, the largest terms outside tsr are
mapped to corresponding largest terms outside ttr.
For non-inductive source proof plans these constraints do not apply. b1 - b5 restrict
the analogical mappings and restrict the search space of source problems for a given
target problem. More heuristics, e.g., one that prefers identical mapping, will be
necessary for the basic and extended matching.
5.1.2 Extended Matching
The extended matching creates the extended mapping me that maps source rewrites to target rewrites. For examples see section 10. Extended mappings are
applied in order to instantiate method justications in the target, such as \A
rewrite source def is recorded as a denition".
Note that the mapping of source rewrites is to some extent restricted by IFequations and by mb. Take, for instance, lenapp-halfplus2 with
IF-equations: app2 = app3, len2 = len3, ::3=::1, len4 = len1,
s1 = s2, len2 = len4, app2 = app4 , app4 = app1 ,
mb : len1;2 7! half , and mb : app1;2 7! +,
with the source rewrites
app2: app3 ((v0 ::2 a); b) = v0 ::3 (app4 (a; b)) and
length2: len3(v0 ::1 a) = s1(len4(a)), and with the target rewrites
plus2: +(s(a); b) = s(+(a; b)) and
half2: half (s(s(a))) = s(half (a)).
me maps app2 to plus2 because of mb and app3 = app2; app2 = app4, and similarly
me maps len2 to half2. In general, however, this restriction does not uniquely
determine the rewrite to be matched.
Dierent extended mappings have to be constructed for the target step case
and for the target base cases because dierent sets of IF-equations belong to
9 Other examples are source x (y y) = (x y) y
target x + (x + x) = (x + x) + x, and
source app(rev(x); rev(y)) = rev(app(y; x))
target app(rev(x); rev(x)) = rev(app(x; x)).
Analogy in CLAM
12
the step and base cases, respectively and dierent rewrites are used, see, e.g.,
plus2right-doubleplus2right or lenapp-halfplus2.
According to the paradigm of derivational analogy, the extended mappings should
actually be constructed stepwise while following the source plan as mentioned in
a footnote above. This may be quite inecient because backtracking may cause
an annulment of work done during the analogical replay. Hence, we propose to
nd the mapping rst and to replay the source plan afterwards.
5.2 Reformulation
The matchings trigger the application of a reformulation that carries out the mappings and may execute some other changes of the source proof plan. Three procedures perform the reformulations dependent on the basic matching, the extended
matching, and the IF-equations, respectively.
5.2.1 Basic Reformulation
First of all, the basic reformulation procedure applies the substitution mb. Some
basic matchings may require additional changes of the source proof plan as described in the following.
shrink If mb maps fi 7! w:w, then the wave method for fi becomes redundant and
can be removed from the proof plan. Example: plussumsum-plus2right.10
blow If mb maps a source function symbol f to a function x:g1(g2(x) that has the
same (combined) labelled fragment as f , then me suggests a corresponding
target rewrite with mb(f ) in its skeleton.
An alternative not considered yet, is to introduce two wave methods ( for
g1 and g2) instead of one source wave method for f .
Example: plus2right-doubleplus2right
A special case of blow is the introduction of a function that has the same
fragment as the identity function.
reduce A normalizing reformulation11 adds a method M (or subplan) on top of the
proof plan for which output(M ) ! input(M ) holds. The rst option of the
reduce reformulation introduces a method reduce, for which the input is
(8)f (t1) = f (t2) and its output is t1 = t2. reduce utilizes the equality
axiom scheme
10This is a special case of xf (f (x)) 7! wg(w) which is, however, not a second-order
1 2
substitution.
11A normalising reformulation introduces a method or subplan on top of the source proof
plan. Normalising reformulations resemble the initial-segment concatenations in Carbonell's
transformational analogy [Carbonell 83].
Analogy in CLAM
13
8x18x2(x1
= x2 ! f (x1) = f (x2)), where f is a function or relation. The
method reduce could eventually have other parameters (or submethods)
that guide its actual work.
reduce can be applied if the source theorem is (8)t1 = t2 and the target
theorem is (8)f (x1; : : : ; t1; : : :; xn) = f (x1; : : :; t2; : : : ; xn) and mb : t1 7!
t1; t2 7! t2. In order to trigger reduce, the matching procedure has to be
extended slightly.
reduce can ease the analogy that otherwise might suggest dicult to prove
lemmas. It can also shorten target proof plans substantially12. reduce should
be preferred to other reformulations at least in cases where t1 = t1; t2 = t2
because it yields a very simple analogy. In other cases we may need a
heuristic in order to decide which reformulation to prefer: reduce or blow,
e.g., prefer reduce to blow if the mapping mb : t1 7! t1; t2 7! t2 maps function
symbols to function symbols only.
symm If the second-order match of a source theorem with a target theorem permutes arguments of f for mb(f ), then the labelled fragment of f and mb(f )
have to be permuted in the same way.
For instance, in apprev-plussumsum
mb : app1 (w1; w2) 7! w1w2:plus(w2; w1) requires a labelled fragment of
plus that is symmetric to the labelled fragment of app1. Those symmetric
labelled fragment of app and plus are provided by the rewrites assapp and
plus2 here.
The corresponding reformulation changes, apart from the substitutions of
mb, only position parameters of methods in the source plan. For a detailed
example see apprev - plussumsum in section 10.
condt If the source theorem is Ths and the target theorem is Ct ! Tht, and if we
can nd a basic mapping mb with mb(Ths) = Tht that meets the constraints,
then a condt reformulation of the proof plan replaces (weak) fertilize
by Kraan's very (weak) fertilize [Kraan 94]. In the step case13 condt
introduces into the target planning the instantiated antecedents' Ctbj of the
target base cases as an additional subgoal and introduces subplans for their
proof or disproof into the plan. condt transfers the source base case if Ctbj
can be proven, and it terminates a base case if Ctbj is disproved. 14 For a
detailed example see halfdouble-doublehalf in section 10.
0
0
0
0
0
0
0
0
E.g., this reformulation yields a plan of halfplus with 13 methods, as opposed to base-level
planning that comes up with a plan with 57 methods and lemma calculation.
13Very (weak) fertilize produces the additional lemma C 0 ! C to be proved, where C 0 is
t
t
t
the antecedents of the induction conclusion and Ct is the antecedents of the induction hypothesis.
12
Since this reformulation is a foreseeable heuristic change of the proof plan we don't have to
rely on a modication during the replay that would establish preconditions which are not satised
in the target. Such a modication could replace weak fertilize by very weak fertilize for
those specic cases because the precondition partial induction hyp match does not hold in
14
Analogy in CLAM
14
add-args If mb maps a function f to an mb(f ) and duplicates arguments, then the
source subplans for treating this argument has to be duplicated. Put more
technically, if mb(f ) has k occurrences of a variable wi at positions i1; : : :; ik
in the target and the fragment of mb(f ) agrees at positions i1; : : : ; ik with
the fragment of f at position i in the source and is the same everywhere
else, then the source subplan for treating the ith argument of f has to be
introduced k times (for each occurrence of wi) into the target plan (see for
a more general reformulation Add-Args [Melis 95]).
As opposed to a mapping mb that adds a constant argument and does not
cause any changes of the plan structure, for add-args the ith argument of f
in the source may contain IE-variables.
5.2.2 IF-Reformulation
As the basic reformulaton was guided by the basic match, the IF-reformulation is
guided by IF-equations. This procedure can apply the reformulations1to2 or 2to1:
1to2 If the mapped IF-equations require m(fi) = m(fj ), where fj stems from
a wave-rule, but m(fi)(m(fi)) = m(fj ) actually holds in the target, then
change a primitive induction to a two step induction in the target and double
the steps between induction method and the occurrence of the IF-equation.
This reformulation could be extended later to composing wave-fronts more
generally. The reformulation removes the IF-equation from the justication.
Example: lenapp-halfplus2
2to1 If the mapped IF-equations require m(fi) = m(fj ), where, fj stems from a
wave-rule, and me(fj )(me(fj )) = me(fi), then the reformulation changes a
two step induction to a primitive induction in the target and collapses the
corresponding double steps to single steps between the induction method
and the occurrence of the IF-equation. Again, this reformulation can be extended later to more general compositions of wave-fronts. The reformulation
removes the IF-equation from the justication.
Example: halfplus2-lenapp
5.2.3 Extended Reformulation
First of all, the extended reformulation procedure applies the substitution me.
Certain features of me require additional changes of the source proof plan:
abs If me maps a function symbol f to a lambda term with an unspecied nonconstant argument o that can have dierent instantiations, then a replayed
the target.
Analogy in CLAM
15
source plan would treat the abstract symbol o as if it were absent. In the
target, however, this amounts to an abstraction.
For each new occurrence of o a new meta-variable oi has to be introduced.
The instantiations of the oi have to be computed by running the methods
Mi that rst introduce oi into a subgoal15 . From the target plan node of Mi
the substitution of the meta-variable oi has to be stored. Very likely a target
proof plan branch will have to be completed by base-level planning because
a method-justication wont be satised.
Example: assp-assm with me : s 7! w: + (w; o).16
case Let RT be the target rewrite that belongs to a set of conditional target
rewrites for which the disjunction of all the conditions is a valid formula.
If me maps a source wave-rule RS to rewrite RT , then additionally introduce
a case split into the source proof plan where RS was applied. Introduce the
remaining source subplan as the RT branch of the plan and declare the other
subgoals of the case split open goals (to be proved by base-level planning).
Example: The extended mapping maps
plus2: plus(s(x); y) = s(plus(x; y)) to
union4: :member(x; y) ! union(h :: x; y) = h :: union(x; y)
by me : plus 7! union etc.
5.3 Analogical Replay
The analogical replay is the core of the analogy-driven proof plan construction
that applies the reformulations, checks the justications, and reacts to failures of
justications in the target.
Ideally, the matching that triggers the reformulations and the analogical replay
should be integrated. Currently, however, the matching is accomplished before the
replay for pure eciency of the match procedure. After the basic and extended
mappings have been found, the source proof plan is replayed analogically. According to Table 1, the analogical replay follows the (linearised) source plan and
applies the reformulations, triggered by the mappings, to the source plan and its
nodes.
At an induction method node, the reformulation instantiates the induction hypothesis, the induction variables, and the induction term. The induction method
runs with these instantiated parameters, checks whether the induction term is a
proper one (terminating order), and yields the step case and base case subgoals.
The target base case terms, such as 0 or nil, have to be matched with a base case
latest when the instantiation is relevant to satisfy a method justication
The name abs might be misleading because actually the source is an abstraction of the target
here.
15
16
Analogy in CLAM
16
term in the source. There can be more target base cases than source base cases
or vice versa.
The replay checks the justications of the respective (reformulated) source plan
node and transfers the source method to the target plan if its justications hold in
the target. If a justication does not hold in the target, a suitable action is taken.
The actions to be taken depend on the actual justication that is not satised.
They are described in section 5.3.2.
If the attempt to establish a justication fails, the source method cannot be transferred and a gap remains in the target proof plan. That is, the target plan node
has an empty method slot and a conclusion that contains a special meta variable, a
gap variable ?i . The gap variable is a place holder for the unknown subexpression
of the sequent in the (current) target node that corresponds to the source subexpression that was changed by the source method which could not be transferred.
See, for an example, assp-assm or lenapp-halfplus2 (base case). The status of
this target plan node remains open. The replay stops as soon as no subexpression
other than a gap variable occurs in the target node conclusion (see the base case
of plus2right-doubleplus2right).
The actual replay may result in a proof plan that has open goals of dierent
origins: If the replay stopped, i.e., the gap is open-ended, the open goals have
to be closed by base-level planning. For gaps between two proper plan nodes
elaborate techniques have to be developed in the future that aim at closing these
gaps, e.g., by forward reasoning, abduction. So far we can close gaps by base-level
planning only if gap variables can be instantiated during the analogical replay. As
the example assp-assm shows, the transfer of following source methods may force
an instantiation of a gap variable or at least provide information about possible
instantiations. In this case, the gap variable can be (partially) instantiated which
assists a subsequent base-level planning for the gap.
5.3.1 Justications
In CLAM justications exist in a bigger variety and play a more important role than
they do in -MKRP, so far. The reason is that CLAM 's methods, in particular their
preconditions, have been polished for a long time in order to restrict the search
for methods. Hence, a variety of reasons for the application and applicability of a
CLAM method exist. I analyse how justications can be constructed for nodes of
CLAM 's proof plans.
Some preconditions of methods yield justications that have to be checked by the
analogical replay. Preconditions of methods can be classied into
l legal preconditions the failure of which causes a failure of the transfer of the
source method,
Analogy in CLAM
17
e legal preconditions which the analogical replay rst should try to establish
if they are not satised in the target,
p legal preconditions that involve the proof of some formula,
h heuristic preconditions that can be overridden, and
i preconditions that are mere instantiation conditions.
Some current CLAM methods have hybrid preconditions, e.g., trivial(H==>C)
that is classied h,p. The actual classication of the preconditions of CLAM 3
methods is given in the rst appendix (section 9).
The justications of the node N consist of goal dependencies, the relevant IEequations, and of the following justications provided by the successful preconditions of the method applied in N:
l-preconditions become l-justications. In CLAM 3, e.g., an l-precondition of
the method equal is that an equation occurs in an hypothesis.
e-preconditions yield e-justications. In CLAM 3 those justications state,
e.g., that a wave-rule or denition is stored in the library.
h-preconditions are ignored and do not yield any justication. In CLAM 3,
e.g., a heuristic precondition of the method equal is that the replacement
for a term is a free variable. This precondition could be dropped, thus
allowing for another analogous replacement of a target term. Note, that
dropping a h-precondition without the guidance from analogy might not be
a good idea.
h,p-preconditions are weakened to p-justications. In CLAM 3, e.g., a pprecondition of the method wave is that the condition of a conditional waverule is in the hypotheses already (trivially provable). This is weakened to a
justication that requires that the condition is provable from the hypotheses.
5.3.2 Actions if Justications Do not Hold
The analogical replay chooses an action or base-level plans if a justication of the
method to be transferred does not hold in the target, as shown in Table 1. In the
following the actions are described. Base-level planning is choosen if no transfer
takes place, either because an action failed or because no action was possible at
all.
Analogy in CLAM
18
Wrong Goal Dependencies
The goal dependencies are represented by the address of a plan node. The source
node has to be in the same branch (base or step case) of the proof plan as the
target node considered by the replay. This may be not the case if a target branch is
complete (no more open goal) whereas the corresponding source node has subgoals.
Then selecting the \next" node in the source cannot yield a jusitied transfer.
Therefore, if the source goal dependencies do not hold for the selected open target
goal, then do not transfer the method.
Violated IF-equations
If an IF-equation does not hold in the target, then produce an open target goal
by replacing the subexpression that resulted from the last rewriting of the source
goal by a gap variable ?j in the target. Record a gap, i.e., no method in the target
node.
In case a source rewrite corresponds to two or more dierent target rewrites, e.g.,
in assp-assm with given distr, each alternative may be considered by me using
additional indices. This amounts to dierent copies of the same source rewrite.
An appropriate copy of the rewrite has to be chosen by the replay in order to
satisfy the IE-equations.
Violated Justications originated in Preconditions
If a precondition-justication is not satised in the target, the analogical replay
takes the following actions specic for particular justications.
1. If an l-justication cannot be satised and does not contain a gap-metavariable ?j , then the source method is not transferred. If an l-justication
contains a gap-meta-variable ?j , then the replay suggests satisfying the justication by instantiating ?j in a controlled way.
For the justication of the method fertilize(strong), e.g., that requires to
match the induction hypothesis H: lhs = rhs with the goal G: (lhs) =?,
the replay can instantiate ? by (rhs).
If the justication induction hyp match(Var, H, G, SubstL) of fertilize(strong) with G: (lhs) = ?1 and H: lhs = rhs, then the replay instantiates ?1 by (rhs). See, for instance, assp-assm.
The replay suggests the same kind of instantiation for the method elementary by assuming G: lhs = rhs. (With a more elaborate suggest-procedure a
gap-meta-variable in the justications of other methods could be partially instantiated, e.g., for methods generalise, normal, and fertilize(weak).
This is, however, beyond our current scope.)
Analogy in CLAM
19
2. Base-level planning is invoked in order to establish a p-justication.
For instance, the replay tries to establish (H==>C) by base-level planning
(with a time limit) . If this fails, the source method is not transferred. If it
succeeds, the method is transferred. Example: div3-div3term.
3. If an e-justication does not hold in the target, the replay suggests a target
rewrite by mapping the rewrite in the justication. The suggested target
rewrite may contain meta-variables for the function variables of the parametrized source that have not yet been mapped by mb and me (For an
example see plus2right-doubleplus2right.). The suggestion of rewrites
should be accompanied by a disprove procedure17. (See, e.g., base case of
example plus2right-doubleplus2right) which avoids a waste of eort for
the analogical replay in case a false lemma is suggested. Only if the suggested
rewrite is proved, the method can be transferred.
In the following, some examples are given for the eect of the analogy as a control
strategy that can override the default control
17
When the plan of
zerotimes1: x = 0 ! times(x; y ) = 0 is replayed for the target
zerotimes3: times(x; y ) = 0 ! times(times(x; y); y ) = 0, then the hprecondition of the equal method freevarinterm(G,Var) that holds in
the source with Var = x does not hold for mb(x) = times(x; y). Since this
precondition is ignored for the justications, the replay transfers the equal
method nevertheless.
The same holds for the class of cnc examples such as
source: cnc times: x = y ! app(x; z) = app(y; z)
target: cnc termplus: (u; x) = (v; y) ! +((u; x); z) = +((v; y); z)
If we took the precondition trivial(H==>C) as a justication, the analogical
replay of the following example would not work:
source: div3::y = 0 ! div(+(y; x); y) = s(div(x; y))
target: div3term:: (y; z) = 0 ! div(+(y; x); y) = s(div(x; y)).
The h,p-precondition trivial(H==>C) of the method eval def yields the
source p-justication (:y = 0 ! :y = 0) which is mapped to the target
justication (: (y; z) = 0 ! :y = 0). This target justication can be
established by base-level planning for (: (y; z) = 0 ! :y = 0). Since the
planning succeeds, the replay transfers the method eval def.
available in CLAM 3.2 that can prove many wrong suggestions to be false
Analogy in CLAM
20
6 Related Work
Villaorita [Villaorita & Sebastiani 94] tries to incorporate user-supplied abstractions into analogy in inductive theorem proving. For the purpose of program optimisation Madden [Madden 91] investigated a reformulation of proof plans that
replaces a course-of-values induction by a stepwise induction.
Kolbe and Walther [Kolbe & Walther 94] reuse equational proofs by second-order
substitutions of a \schematic shell" including the used axioms and the conjecture.
They calculate equational constraints by a separate calculus. By second-order
matching the \schematic shell" with the target conjecture (induction conclusion)
and target rewrites they obtain the instantiated rewrites which are relevant in
the target. Similar to [Kolbe & Walther 94] we store IF-equations used during
source planning. The presented reformulation add-args is similar to a patch in
[Kolbe & Walther 95]. Their paradigm, however, is dierent to analogy because
they generalise and re-instantiate. Further dierences are:
The analogy can suggest IE-variables and induction conclusion, they need
the target induction conclusion to be given.
The analogy may result in a proof plan with gaps and does not necessarily
provide an exact replay with a full match of all axioms which is, however,
required in [Kolbe & Walther 94].
The generalization approach aims at providing the target rewrites only, while
the analogy nds a target proof plan.
The analogy in CLAM does not use the analogical replay if the proof planning
goes through with little search.
Both approaches can suggest lemmas from (partially) instantiated constraints
and source rewrites. In addition, analogy can suggest lemmas by replaying
lemma-critics results.
7 Conclusion and Future Work
The analogy-driven proof plan construction has been applied within the CLAM
environment. Not surprisingly, the particular procedures of reformulation turned
out to be dependent on the data stuctures for methods and plans. Some reformulations that encode frequently used domain specic heuristics depend on the
scope of the planner. For instance, constraint b1 encapsulates a heuristic specic
for inductive theorem proving and can be exploited for inductive proofs only. For
each planner several types of justications are needed. The actual justications,
however, depend on the means for search control in the planner.
Analogy in CLAM
21
The main contribution of this application of analogy-driven proof plan construction has been to identify match heuristics, reformulations, justications, and actions to be taken if the justications are not satised in the target for CLAM .
Thereby we have been able to show with some relatively simple examples what
analogy has to oer even for a planning system with little average search for
methods.
The power of the analogy-driven proof plan construction stems from the given
source plan, from the reformulations, and from the actions taken in order to establish justications. There is, of course, a tradeo between the power and the
costs of the matching and reformulation.
The analogical replay may construct proof plans with gaps that cannot be closed
by base-level planning. Furthermore, reformulations encode heuristics that can
fail, which is only natural for any analogy process.
The work on analogy in CLAM will be continued and will examine more challenging
examples that CLAM cannot solve without analogy. More elaborate techniques for
closing gaps in target proof plans have to be investigated. Hierarchical information
will be included into the justications.
8 Acknowledgement
I would like to thank the Dream group for guiding me into CLAM and discussions
on analogy in CLAM , in particular Alan Bundy, Andrew Ireland, Alan Smaill, and
Jon Whittle.
Analogy in CLAM
22
9 Appendix I
The classication of preconditions, as it follows for CLAM 3 methods, has to be
done manually, as far as I can see.
elementary
equal
h,p
l
l
h
eval_def
fertilize
h
i
l
e
h,p
l
l
generalise
i
i
l
l
l
l
l
l
l
i
i
i
i
elementary(H==>G,I)
((hyp(HName:Term=Var in T,H), Dir=left)
v
(hyp(HName:Var=Term in T,H), Dir=right)
),
(not freevarinterm(Term,_)
orelse
(atomic(Var), not atomic(Term))
orelse
(atomic(Var), atomic(Term), Term @< Var)
),
freevarinterm(G,Var)
not contains_meta_variables(G),
expression_at(G,Pos,Exp),
not wave_fronts(_, [_|_], Exp),
function_defn(Exp,Rule:C=>Exp:=>R),
trivial(H==>C)
induction_hyp_match(Var, H, G, SubstL)
OR
partial_induction_hyp_match(Var, H, G,NG,SubstL)
matrix(Vs,M1,G),
sinks(M,_,M1),
member(M,[(L=R in _),(L=>R),geq(L,R),leq(L,R),greater(L,R),less(
exp_at(L,_,Exp),
not atomic(Exp),
not constant(Exp,_),
not oyster_type(Type, _, Exp),
object_level_term(Exp),
exp_at(R,_,Exp),
type_of(Exp,Type),
append(Vs,H,VsH),
hfree([Var],VsH),
replace_all(Exp,Var,G, NewG1),
\+ disprove([Var:Type]==>NewG1)
Analogy in CLAM
normal
l
l
l
l
l
wave
l
e
h,p
l
e
h,p
l
induction
l
casesplit
i
i
e
i
l
e
23
matrix(Binds, Cond => Body, G),
not wave_occ(Binds, Cond, _, _),
not sinks(_, [_|_], G),
not wave_fronts(_, [_|_], G),
member(Body, [_ = _ in _, _ => _])
wave_occ_at(G,Pos,L),
wave_rule_match(Rule,long(Dir),C=>L:=>R,[]),
trivial(H==>C)
OR
wave_occ_at(G,Pos,L),
wave_rule_match(Rule,trans(Dir),C=>L:=>R,[]),
trivial(H==>C),
sinkable(R)
wave_occ(H, G, VarTyps, IndTerms)
matrix(Vars, Matrix, G),
exp_at(Matrix, MatPos, L),
wave_rule(_,_,[_|_]=>LL:=>_),
copy(LL,L),
correct_wave_vars(LL, L),
condition_set(LL, CConds, _)
10 Appendix II: Examples
10.1
comp-halfplus2
This is an example for the application of the reformulation reduce.
source theorem: +(a; b) = +(b; a)
target theorem: half (+(a; b)) = half (+(b; a)).18
Source plan
induction([s(b)],[b:pnat]) then
[eval_def([2,1],plus1) then
induction([s(a)],[a:pnat]) then
[eval_def([1,1],plus1) then
elementary(...),
We do not index the function symbols of the source theorem because it is not necessary in
this case.
18
Analogy in CLAM
24
wave([1,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
],
wave([1,1],[lemma1,equ(left)]) then
wave([2,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
An analogical transfer using the reformulation blow with
mapping mb : + 7! ab:half (+(a; b)) rather than reduction would not succeed
with a transfer of the base case and would cause a lot of eort to transfer the step
case.
In terms of analogy it is a good guess, to reduce the proof of halfplus2 to a source
proof of comp because the latter is available already. Besides, the proof plan that
results by introducing an additional method reduce(equality) into the plan of
comp is much shorter than one that would result from base-level planning even if all
necessary wave-rules and denitions for plus and half were given19. The resulting
target proof plan deviates from the common pattern though. The resulting target
plan is
reduce(equality) then
induction([s(b)],[b:pnat]) then
[eval_def([2,1],plus1) then
induction([s(a)],[a:pnat]) then
[eval_def([1,1],plus1) then
elementary(...),
wave([1,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
],
wave([1,1],[lemma1,equ(left)]) then
wave([2,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
plan time halfplus2 119.116 compared with plan time 4.283 for comp which does not even
have to be planned again
19
Analogy in CLAM
10.2
25
assp-assm
This is an example for the application of the reformulation abs and for handling
gaps and gap variables.
source theorem: +1(x; +2(y; z)) = +4(+3(x; y); z)
target theorem: (x; (y; z)) = ((x; y); z),
where the distributivity axiom is not given as a rewrite. The source proof plan is
induction([s1(x)],[x:pnat]) then
[eval_def([1,1],plus1) then
eval_def([1,2,1],plus1) then
elementary(...),
wave([1,1],[plus2,equ(left)]) then
wave([1,2,1],[plus2,equ(left)]) then
wave([2,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
The labelled fragments of + and * are equal and, hence, mb : +1;2;3;4 7! .
Since the source induction variable is x, the induction variable in the target
is identied as mb(x) = x.
The only source wave-rule is plus2:
+5( s1(x) ; y) ) s2(+5(x; y)) and the only given target rewrite is
(s(x); y ) = +((x; y ); y ).
The IF-equations of the source are:
+1 = +5
+3 = +5
+4 = +5
s1 = s2.
me maps s1 7! s(w1) and s2 7! +(w; o) for an abstract symbol o that may
have dierent instantiations.
The rst method is induction(s1(x)), justied by plus2.
The step case goal in the source is: +1( s1(x) ; +2(y; z)) = +4(+3( s1(x) ; y); z)
which yields a target goal
(s(x); (y; z )) = ((s(x); y ); z ) because of me : s1 7! s.
The next method, wave(plus2), has as justications the source wave-rule
plus2 and +1 = +5 which requires me : +5 7! .
Analogy in CLAM
26
The next source goal is:
s2(+5(x; +2(y; z))) = : : : and the corresponding target goal is
+((x; (y; z)); o1) = : : :. The instantiation (y; z) of the meta-variable o1 is
obtained by running the wave method and it is stored.
The next method, wave(plus2), has as justications the source wave-rule
plus2 and +3 = +5 which hold in the target as well.
The next source goal is:
s2(+5(x; +2(y; z))) = +4( s2(+5(x; y)) ; z). The corresponding target goal
is +((x; (y; z)); o1) = (+((x; y); o2); z). The instantiation y of the metavariable o2 is obtained by running the wave method and it is stored.
The next method, wave(plus2)(*), has as justications the source wave-rule
plus2 and +4 = +5, and s1 = s2. The mapped version of the latter does not
hold in the target because s(w) 6= +(w; o). Hence, the method cannot be
transferred to the target. The replay yields a gap and produces an island
node with no method and with the conlusion
I: +((x; (y; z)); o1) =?.
The next source method, fertilize(weak), has +5 = +1 as a justication
which holds in the target. An l-justication of the node is
partial ind hyp match( ; [+1(x; +2(y; z)) = +4(+3(x; y); z)]; [s2(+5(x; +2(y; z))) =
s2(+5(+5(x; y)); z)]; ). The corresponding target justication
partial ind hyp match( ; [(x; (y; z)) = ((x; y); z)]; [+((x; (y; z)); o1) =?]; )
holds. The method yields the subgoal +(((x; y); z); o1) =?.
The next source method, elementary, has the justications +4;3 = +5,
which holds in the target, and true(+(((x; y); z); o1) =?). The latter justication needs an instantiation of ? to be satisable. A possible instantiation
is ? = +(((x; y); z); o1).
The instantiation of ? together with the substitutions of o1 and o2 can be used
to close the gap in the target proof plan that remains after the analogical
replay: Closing the gap requires a target method and justication that produces : : : = +(((x; y); z); (y; z)) from : : : = (+((x; y); y); z). The wave
method justied by the distributivity rewrite (distr) can close this gap. In
fact, the justication s1 = s2 of wave(plus2)(*) is mapped to +( ; o) = ( ; o)
in case me maps plus2 to distr: (+(x; z); y) = +((x; y); (z; y)).
If distr was given as a target rewrite, the source rewrite plus2 might have two
dierent images under me, namely times2 and distr. In such a situation the
extended matching provides me : +51 7! ; s11 7! s; s21 7! +( ; o) (for plus2 7!
times2) and
me : +52 7! ; s12 7! +( ; o); s22 7! +( ; o) (for plus2 7! distr). In order to satisfy
Analogy in CLAM
27
the IF-equation s1 = s2 at plan node N, the image distr of plus2 has to be
chosen for the transfer of the method at N.
The source base case conjecture is +1(0; +2(y; z)) = +4(+3(0; y); z) and
the target base case conjecture is (0; (y; z)) = ((0; y); z), where 0 is introduced
by the induction method.
The source rewrite is plus1: +7(01; x) = x.
The given target rewrite is times1: (0; x) = 0.
The base case IF-equations are:
+1 = +7 ;
0 = 01 ;
+3 = +7 ;
+2 = +4 .
me : +7 7! ; 01 7! 0. This mapping suggests a target rewrite (0; x) = 0 which
can be disproved. Therefore the target base case has to be completed by base-level
planning.
The target proof plan becomes
induction([s(x)],[x:pnat]) then
[
eval_def([1,1],times1) then
eval_def([1,2,1],times1) then
eval_def([2,1],times1),then
elementary(...),
wave([1,1],[times2,equ(left)]) then
wave([1,2,1],[times2,equ(left)]) then
wave([2,1],[distr,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
%BASE-LEVEL
%%
yields
Analogy in CLAM
10.3
28
apprev-plussumsum
This is an example for the application of the reformulation symm and it shows
that step case and base case replay have to be handled separately and depending
on dierent me and sets of IF-equations.
Source theorem: app1(rev(y); rev(x)) = rev(app2(x; y))
Target theorem: +(sum(x); sum(y)) = sum(app(x; y))
Source rewrites:
rev2: rev2(h ::3 l) = app5 (rev2(l); h ::4 nil)
app2: app3 (h ::1 l1; l2) = h ::2 app3 (l1 ; l2)
assapp: app6 (l; app7 (m; n)) = app8 (app6 (l; m); n).
The IF-equations of the source planning are:
app1 = app6
app2 = app3
app5 = app7 = app8
rev = rev2
::1=::2=::3.
The source proof plan is
induction([v0::m],[m:int list]) then
[eval_def([1,2,1],app1) then
eval_def([2,1,1],rev1) then
generalise(rev(l),v0:int list) then
induction([v1::v0],[v0:int list]) then
[eval_def([1,1],app1) then
elementary(...),
wave([1,1],[app2,equ(left)]) then
fertilize(weak(v2)) then
elementary(...)
],
wave([1,2,1],[app2,equ(left)]) then
wave([2,1],[rev2,equ(left)]) then
wave([2,1,1],[rev2,equ(left)]) then
wave([1,1],[assapp,equ(left)]) then
fertilize(weak(v1)) then
elementary(...)
]
Given target rewrites are:
app2: app(h :: l1; l2) = h :: app(l1 ; l2)
sum2: sum(h :: l) = +(h; sum(l))
plus2: +(s(x); y ) = s(+(x; y )).
Analogy in CLAM
29
The basic mapping is
mb : app2(w1; w2) 7! app(w1; w2),
app1(w1; w2) 7! +(w2; w1)
rev(w1) 7! sum(w1).
mb : app1(w1; w2) 7! w1w2:plus(w2; w1) requires a labelled fragment of plus that
is symmetric to the labelled fragment of app1 that originates in assapp. plus2
provides such a symmetric labelled fragment.
The extended match yields me: ::17!::, ::2 (w1; w2) 7! w1w2:w1, app5 (w1; w2) 7!
+(w2; w1) matches rev2 with sum2 and app2 with app2. assapp can not be
matched consistently with plus2 but mb and me suggest a target lemma assplus:
+(+(n; m); l) = +(n; +(m; l)).
me has been constructed following the sequence app2, rev2, assapp, in which
the rewrites were used in the source planning. If the me was not established in
the same sequence as prescribed by the sequence in which the source rewrites had
been employed in the source planning process, we could have obtained a target
lemma which is wrong. E.g., with the order app2, assapp, rev2, we obtain
me : app5 7! w1w2:s(w1) mapping assapp to plus2. Then a target lemma
sum(h :: l) = s(sum(l)) corresponding to rev2 would be suggested which is wrong
since it yields s(sum(l)) = +(h; sum(l)).
The source base case conjecture is
app1(rev(l); rev(nil)) = rev(app2(nil; l)) and the target base case conjecture is
+(sum(nil); sum(l)) = sum(app(nil; l)).
The source rewrites in the base case are
app1: app1 0(nil3; l) = l
rev1: rev4(nil) = nil2
sum1: sum(nil) = 02
The IF-equations in the source base case are
app1 = app3
app1 = app4
::2=::1.
The base case replay of the apprev-plussumsum has the following steps:
The rst method, eval def(app1) can be transferred to method eval def(app1)
because the IF-equation and preconditions are satised by me : nil 7! nil.
The next method, eval def(rev1), can be transferred to method eval def(sum1)
because the justications are satised.
The next method, generalise, can be transferred and the term to be generalized is sum(l) instead of the source term rev(l).
Analogy in CLAM
30
The resulting subgoal is +(0; vo) = v0 which is an instance of the target
rewrite plus1. Thus the rest of the branch is skipped because of redundancy.
(Otherwise the next method, induction justied by app2, could be transferred only if its justication reformulated by mb : app1 7! w1w2: +
(w2; w1); app3 7! w1w2: + (w2; w1) to
+(l2; F1(h; l1)) = F1(h; +(l2; l1))20 could be instantiated to a valid lemma.
Such an instantiation is F1(x; y) 7! xy:s(y) which is not provided by a
mapping. Then the suggested lemma became +(l2; s(l1)) = s(+(l2; l1)). Using the suggested lemma the rest of the source proof could be transferred.)
The resulting target proof plan is
induction([v0::x],[x:pnat list]) then
[eval_def([1,2,1],app1) then
eval_def([1,1,1],sum1) then
generalise(sum(y),v0:int) then
%POSITION CHANGED by symm
%SKIP, BASE-LEVEL yields:
eval_def([1,1],plus1) then
elementary(...),
%%%
wave([1,2,1],[app2,equ(left)]) then
wave([2,1],[sum2,equ(left)]) then
wave([1,1,1],[sum2,equ(left)]) then %POSITION CHANGED
wave([1,1],[assplus,equ(left)]) then
fertilize(weak(v1)) then
elementary(...)
]
20
Because of the IF-equation ::2=::1, F1 is the meta variable for ::1 and ::2 in the parametrized
which is not yet instantiated by mb or me.
app2
by symm
Analogy in CLAM
10.4
31
halfdouble-doublehalf
This is an example for the application of the reformulation condt.
source theorem halfdouble: half (double(n)) = n
target theorem doublehalf: even(n) ! double(half (n)) = n.
The source plan is
induction([s(n)],[n:pnat]) then
[eval_def([1,1,1],double1) then
eval_def([1,1],half1) then
elementary(...),
wave([1,1,1],[double2,equ(left)]) then
wave([1,1],[half3,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
The basic mapping mb : double 7! half; half 7! double.
The extended mapping me : half1;2 7! double
double1;2 7! half
s1;4 7! x:s(s(x))
x:s2(s2(x)) 7! s
x:s3(s3(x)) 7! s.
The reformulation condt replaces fertilization(weak) by very weak fertilization in the plan node with the conclusion
even(s(s(n))) ! s(s(double(half (n)))) = s(s(n)). Very weak fertilization
results in the (transferred) subgoal s(s(n)) = s(s(n)) and in the additional subgoal
lemma1: even(s(s(n))) ! even(n).
The target base case for s(0) is terminated because of even(s(0)) = false. The
target base case for x = 0 is transferred because of even(0) = true.
The resulting target proof plan is
induction([s(s((n))],[n:pnat]) then
[eval_def([1],even1) then
eval_def([1,1,1,2],half1) then
eval_def([1,1,2],double1) then
elementary(...),
[eval_def([1],even1) then
elementary(...),
wave([1,1,1,2],[half2,equ(left)]) then
wave([1,1,2],[double3,equ(left)]) then
fertilize(very_weak(v0),lemma1) then
elementary(...)
]
%ADDITIONAL EVALUATION
%ADDITIONAL EVALUATION
%REPLACED METHOD
Analogy in CLAM
10.5
32
div3-div3term
source theorem: div3: :y = 0 ! div(plus(y; x); y) = s(div(x; y))
target theorem: div3term: :times(y; z) = 0 ! div(plus(y; x); y) = s(div(x; y)).
div3 can be planned by CLAM 3 and has the proof plan
normal(imply_intro) then
eval_def([1,1],div3) then
elementary(...)
This is an example for which the not commonly loaded method normal can be
transferred. div3term can not be planned by CLAM 3. It can, however, be planned
by analogy to div3. The reason is that eval def's preconditions are not satised.
The basic mapping maps: y 7! times(y; z) in the antecedents. Everything else is
mapped identically by mb. Note: for noninductive proofs the match constraints
do not apply.
In order to establish the p-justication true(: (y; z) = 0 ` :y = 0) base-level
planning has to be invoked.
10.6
cnc theorems
A class of examples for which the not commonly loaded method normal can be
transferred is the class of cnc.. theorems. For instance,
source theorem: cnc plus: x = y ! plus(x; z) = plus(y; z)
target theorem: cnc half: x = y ! half (x) = half (y).
All the plans (also for cnc times etc.) have the structure
normal(imply_intro) then
equal(v0,left) then
elementary(...)
and the planning fails without the method normal.
cnc termplus: times(u; x) = times(v; y ) ! plus(times(u; x); z ) = plus(times(v; y );z )
is a more complicated target for which the source can be transferred analogically.
10.7
zerotimes1-zerotimes3
This is another example for which the not commonly loaded method normal can
be transferred.
source theorem: zerotimes1: x = 0 ! times(x; y) = 0
target theorem: zerotimes3: times(x; y) = 0 ! times(times(x;y);y) = 0.
The source plan is
Analogy in CLAM
33
normal(imply_intro) then
equal(v0,right) then
eval_def([1,1],times1) then
elementary(...).
The target plan is
normal(imply_intro) then
equal(v0,right) then
eval_def([1,1],times1) then
elementary(...).
As opposed to a plan produced by base-level planning, the resulting target plan
does not start with a generalise method. mb and the analogical replay do
the job necessary. The analogical replay does not consider the precondition
freevarinterm(G,times(x; y ) because it has no corresponding justication.
10.8
assapp-assplus1
source theorem: x <> (y <> z) = (x <> y) <> z
target theorem: x + (x + x) = (x + x) + x.
This is an example in which target variables are generalized apart in order to meet
the b4 constraint of mb. The result is the reformulated target assplus2, given
below, for which the analogical replay works. app is not indexed because all apps
are mapped to +.
The extended mapping maps for the step case app2 to plus2 and app1 to plus1
by me :::1;27! s and for the base case app1 to plus1 by me : nil 7! 0. The source
plan is
induction([v0::l],[l:pnat list]) then
[eval_def([1,1],app1) then
eval_def([1,2,1],app1) then
elementary(...),
wave([1,1],[app2,equ(left)]) then
wave([1,2,1],[app2,equ(left)]) then
wave([2,1],[app2,equ(left)]) then
fertilize(weak(v1)) then
elementary(...)
]
Analogy in CLAM
Source
app(l; app(m; n)) = app(app(l; m); n)
34
mb
app 7! +
source rewrites
me
app
7! +
app2:app(h ::1 m; n) = h ::2 app(m; n) :: 7! s
1;2
Target
After the renaming of variables
+(x; +(y; y)) = +(+(x; y); y)
target rewrites
+(s(x); y) = s(+(x; y))
Step case replay:
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
app(v0 ::1 l; app(m; n)) =
app2
+(s(x); +(y; y)) = +(+(s(x); y); y)
app(app(v0 ::1 l; m)n)
v0 ::2 app(l; app(m; n)) = : : :
app2
s(+(x; +(y; y))) = : : :
: : : = app(v0 ::2 app(l; m); n)
app2
: : : = +(s(+(x; y)); y)
: : : = v0 ::2 app(app(l; m); n)
app2
::1=::2
: : : = s(+(+(x; y); y))
v0 ::2 app(app(l; m); n) = : : :
part ih match s(+(+(x; y); y)) = : : :
true
true
Base case replay:
source rewrites
app1: app(nil; l) = l
me
nil 7! 0
source goals
source justif.
app(nil; app(m; n)) =
app(app(nil; m); n)
target rewrites
+(0; y) = y
target goals
+(0; +(m; n)) = +(+(0; m); n)
app(m; n) = : : :
app1
+(m; n) = : : :
: : : = app(m; n)
app1
: : : = +(m; n)
true
true
Analogy in CLAM
The resulting target proof plan is
induction([s(x)],[x:pnat]) then
[eval_def([1,1],plus1) then
eval_def([1,2,1],plus1) then
elementary(...),
wave([1,1],[plus2,equ(left)]) then
wave([1,2,1],[plus2,equ(left)]) then
wave([2,1],[plus2,equ(left)]) then
fertilize(weak(v0)) then
elementary(...)
]
35
Analogy in CLAM
10.9
36
halfplus2-lenapp
This is an example for the application of the reformulation 2to1.
the justication partial ind hyp match(...).
Source
half1(x +1 y) = half2(y +2 x)
part ih match
is short for
mb
Target
half1;2 7! len len(x <> y) = len(y <> x)
+1;2 7!<>
The step case replay
source rewrites
me
s1 (s1()) 7! v0 ::
half3: half3 (s1(s1 (x))) = s2 (half3 (x)) s2() 7! s()
half3 7! len
plus2: s3(x) +3 y = s4(x +3 y)
lemma:x+1s3(s3(y)) = s5(s6(x+1y)) +3 7!<>
s3;4 7! v0 ::
target rewrites
len(v0 :: x) = s(len(x))
(v0 :: x) <> y = v0 :: (x <> y)
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
after 2to1 reformulation
half1(x +1 s3(s3(y))) =
len(x <> (v0 :: y)) =
plus2
half2(s3(s3(y)) +2 x)
len((v :: y) <> x)
0
: : : = half2(s4(s3(y) +3 x)
: : : = half2(s4(s4(y +3 x)))
: : : = s2(half3(y +3 x))
half1(s5(s6(x +1 y))) = : : :
plus2
+2 = +3
plus2
half3
half2 = half3
s4 = s1
(causes 2to1)
lemma
after 2to1 collapsed 2 methods
: : : = len(v0 :: (y <> x))
collapsed method
: : : = s(len(y <> x))
by suggested lemma
len(v0 :: (x <> y)) = : : :
s2(half2(y +2 x)) = : : :
half3
half1 = half3 s(len(x <> y)) = : : :
s5 = s1
s6 = s1
part ih match s(len(y <> x)) = : : :
half3 = half1
true
half2 = half3 true
+2 = +3
s2(half3(x +1 y)) = : : :
The source lemma provided by a critic is x +1 s3(s3(y)) = s5(s6(x +1 y)). Suggested target
lemma is: x <> (v0 :: y) = v0 :: (x <> y).
Analogy in CLAM
10.10
37
halfplus2-evenplus
source theorem: half1(x +1 y) = half2(y +2 x)
target theorem: even(x + y) $ even(y + x).
This is an example, where the matching constraint b1 has to be relaxed and in which the
application of a lemma discovery critic can be avoided by analogy.
Source
half1(x +1 y) = half2(y +2 x)
mb
half1;2 7! evn
+1;2 7! +
Target
even(x + y) $ even(y + x)
step case replay:
source rewrites
s1(x) +3 y = s2(x +3 y)
half3(s3(s3(x))) = s4(half3(x))
me
target rewrites
+3 7! +
half3 7! even s(x) + y = s(x + y)
s1;2;3 7! s
even(s(s(x))) $ even(x)
s4 7! source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
half1(s1(s1(x)) +1 y) =
even(s(s(x)+ y) $ even(y + s(s(x))
half2(y +2 s1(s1(x)))
half1(s2(s1(x) +3 y)) = : : :
+1 = +3
half1(s2(s2(x +3 y))) = : : :
s4(half3(x +3 y)) = : : :
+3 = +3
even(s(s(x + y))) $ : : :
s2 = s3
half1 = half3 even(x + y) $ : : :
: : : = s4(half3(y +3 x))
lemma
even(s(s(x) + y)) $ : : :
by suggested lemma
: : : $ even(y + x)
ih match
half3 = half1
s4(half3(x +3 y)) = s4(half3(x +3 y)) half
3 = half2
+3 = +1;2
even(y + x) $ even(y + x)
true
true
The source lemma, introduced by a critic, is half2(y +2 s1(s1(x))) = s4(half3(y +3 x)).
Correspondingly, the suggested target lemma is even(y + s(s(x))) $ even(y + x).
Analogy in CLAM
10.11
38
lenapp-halfplus2
Source theorem: len1(a <>1 b) = len2(b <>2 a)
Target theorem: half (a + b) = half (b + a)
This is an example for the application of the reformulation 1to2 that avoids the
application of the induction revision critic in the target. The replay can transfer
the source base case b=0, a=0 to the target base case b=0, a=0. It replays
the step case of b=0 as shown below. It breaks down for the target base case
b=0,a=s(0) because of the IF-equation nil3 = nil4 which is mapped to s(0) = 0.
As shown below the replay of the source base case b=0 for the target base case
b=s(0) yields a gap at the rst method eval def(app1) because of the IF-equation
nil = nil4 (nil is introduced by the target induction) which is mapped to s(0) = 0.
It produces the island conclusion half (+(a; s(0))) =?. With this island the replay
can be continued yielding a nal subgoal s(?) =??. The instantiation of the gap
variable by half (s(a)) allows to complete the replay of this step case of b=s(0).
The source base cases b=0, a=0 can be replayed for the target base case b=s(0),
a=0 if the island is instantiated. The replay of the base case b=0, a=0 for the
target base case b=s(0), a=s(0) fails because of the IF-equation nil3 = nil4 which
is mapped to s(0) = 0.
Analogy in CLAM
Source
len1(a <>1 b) = len2(b <>2 a)
source rewrites
app2:
(v0 ::2 a) <>3 b = v0 ::3 (a <>3 b)
len2:len3(v0 ::1 a) = s1(len3(a))
39
mb
Target
len1;2 7! half half (a + b) = half (b + a)
<>1;27! +
me
len3 7! half
::17! s(s())
s1 7! s
<>37! +
::2;37! s
target rewrites
s(a) + b = s(a + b)
half (s(s(a))) = s(half (a))
The step case replay:
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
len1(a <>1 v0 ::2 b) =
After 1to2 ref. because of (*)
app2
len2(v0 ::2 b <>2 a)
half (a + s(s(b))) = half (s(s(b))+ a)
: : : = len2(v0 ::3 (b <>3 a))
app2
<>2=<>3
double wave method because of 1to2
: : : = half (s(s(b + a)))
: : : = s1(len3(b <>3 a))
len2
len2 = len3
s(half (b + a))
lemma
by suggested lemma
s(half (a + b)) = : : :
s2(len3(a <>3 b)) = : : :
(*) ::3=::1
len3 = len1
s(half (b + a)) = : : :
<>3=<>1
s1 = s2
len2 = len3
true
true
<>2=<>3
Source lemma: len1(a <>1 v0 ::2 b) = s2(len3(a <>3 b)).
Suggested target lemma: half (a + s(s(b))) = s(half (a + b)).
s1(len2(b <>2 a)) = : : :
Analogy in CLAM
40
The source base case b = 0 (step case) replay for the target case base b = 0 (step case):
source rewrites
app1: app6(nil4; x) = x
length1: len5 (nil5) = 0
app2
length2
me
app6 7! +
nil 7! 0
::2;37! s
::17! s(s())
len5 7! half
target rewrites
+(0; x) = x
half (0) = 0
plus2
half3
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
len1(app1(a; nil)) =
half (+(a; 0)) = half (+(0; a))
len2(app2(nil; a))
app1
app2 = app5
nil = nil4
half (+(a; 0)) = half (a)
len1(app1(v0 ::2 a; nil)) =
len2(v0 ::2 a)
app2
half (+(s(s(a)); 0)) = half (s(s(a)))
len1(v0 ::3 app4(a; nil)) = : : :
app2
app3 = app1
double wave[plus2] because of 1to2
half (s(s(+(a; 0)))) = : : :
s1(len3(app4(a; nil))) = : : :
length2
len1 = len3
::3=::1
(causes 1to2)
s(half (+(a; 0))) = : : :
len1(app1(a; nil)) = len(a)
induction on a
step case:
: : : = s1(len(a))
s1(len3(a)) = : : :
true
length2
len2 = len3
::2=::1
len1 = len3
app4 = app1
: : : = s(half (z))
s(half (a)) = : : :
true
Analogy in CLAM
41
The source base case b=0 replay for the target base case b=s(0):
source rewrites
app1: app6(nil4; x) = x
len1: len5(nil5) = 0
etc.
me
nil 7! s(0)
nil4 7! 0
target rewrites
+(0; x) = x
half (0) = 0
half (s(0) = 0
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
len1(app1(a; nil)) =
half (+(a; s(0))) =
len2(app2(nil; a))
half (+(s(0); a))
app1
app2 = app5
nil = nil4
: : : =?
induction on a
len1(app1(v0 ::2 a; nil)) =
len2(v0 ::2 a)
app2
half (+(s(s(a)); s(0))) =?
len1(v0 ::3 app4(a; nil)) = : : :
app2
app3 = app1
double wave[plus2] because of 1to2
half (s(s(+(a; s(0))))) =?
s1(len3(app4(a; nil))) = : : :
length2
len1 = len3
::3=::1
(causes 1to2)
s(half (+(a; s(0)))) =?
: : : = s1(len(a))
length2
len2 = len3
::2=::1
: : : =??
s1(len3(a)) = : : :
len1 = len3
app4 = app1
s(?) =??
replay stopped
: : : = len2(a)
(causes failure)
step case:
10.12
plus2right-doubleplus2right
Source theorem: +1(x; s1(y)) = s2(+2(x; y))
Target theorem: double(+(x; s(y))) = s(s(double(+(x; y))))
This is an example for the application of the reformulation blow.
In the step case me maps s4 to x:s(s(x)) because of the IF-equation s2 = s4 in
the justication of elementary. In the base case me maps 01 to 0 because of the
Analogy in CLAM
42
IF-equation 01 = 0. S3 remains a meta-variable which is introduced because no
target lemma corresponding to plus2 is available.
At the rst wave(plus2) node the replay suggests the target lemma
double(+(S3(x); y) = s(s(double(+(x; y)))) corresponding to the source rewrite
plus2. This lemma contains the meta variable S3 that has to be instantiated (e.g.,
to s).
The replay of the base case suggests the target rewrite double(+(0; x)) = x based
on the source rewrite plus1 and the IF-equations +1 = +4; 0 = 01. The transfer
of the base case x = 0 fails because the suggested lemma double(+(0; x)) = x is
disproved. The replay stops as soon as ? = ?? occurs. Besides, the IF-equation
s1 = s2 in the elementary node of the case base contradicts the basic mapping but
this reason for the replay failure is not even considered.
Analogy in CLAM
Source
+1(x; s1(y)) = s2(+2(x; y))
source rewrites
plus2:+3(s3(x); y) = s4(+3(x; y))
43
mb
+1;2 7!
double(+)
s1 7! s
s2 7! s(s())
me
s3 7! S3
s4 7! s(s())
Target
double(+(x; s(y))) =
s(s(double(+(x; y))))
target rewrites
nothing for double(+())
The step case replay:
source goals
source justif.
target goals
||||||||||||||||||||||||||||||||||
double(+(S3(x); s(y))) =
+1(s3(x); s1(y)) = s2(+1(s3(x); y)) plus2
s(s(double(+(S3(x); y))))
s4(+3(x; s1(y))) = : : :
plus2
+1 = +3
by suggested lemma
s(s(double(+(x; s(y))))) = : : :
: : : = s2(s4(+3(x; y)))
plus2
+1 = +3
: : : = s(s(s(s(double(+(x; y))))))
part ih match s(s(s(s(double(+(x; y)))))) = : : :
+3 = +1
s2 = s4
true
true
+2 = +3
||||||||||||||||||||||||||||||||||
s4(s2(+2(x; y))) = : : :
Base case replay:
source rewrites
plus1: +4(0; x) = x
source goals
+1(0; s1(y)) = s2(+2(0; y))
s1(y) = : : :
: : : = s2(y)
true
me
01 7! 0
target rewrites
suggested rewrite
double(+(0; x)) = x disproved
source justif.
target goals
double(+(0; s(y))) =
s(s(double(+(0; y))))
plus1
+1 = +4
0 = 01
plus1
+2 = +4
0 = 01
no transfer
? = s(s(double(+(0; y))))
no transfer
?=??
s1 = s2
Analogy in CLAM
44
References
[Bundy 88]
[Bundy et al 91a]
[Bundy et al 91b]
[Bundy et al 93]
[Carbonell 83]
[Carbonell 86]
[Gordon et al 79]
[Hesketh 91]
A. Bundy. The use of explicit plans to guide inductive proofs. In E. Lusk and R. Overbeek, editors,
Proc. 9th International Conference on Automated
Deduction (CADE), volume 310 of Lecture Notes in
Computer Science, pages 111{120, Argonne, 1988.
Springer.
A. Bundy, F. van Harmelen, J. Hesketh, and
A. Smaill. Experiments with proof plans for induction. Journal of Automated Reasoning, 7:303{324,
1991. Earlier version available from Edinburgh as
DAI Research Paper No 413.
A. Bundy, F. van Harmelen, J. Hesketh, and
A. Smaill. Experiments with proof plans for induction. Journal of Automated Reasoning, 7:303{324,
1991.
A. Bundy, Stevens A, F. Van Harmelen, A. Ireland,
and A. Smaill. A heuristic for guiding inductive
proofs. Articial Intelligence, 63:185{253, 1993.
J.G. Carbonell. Learning by analogy: Formulating
and generalizing plans from past experience. In R.S.
Michalsky, J.G. Carbonell, and T.M. Mitchell, editors, Machine Learning: An Articial Intelligence
Approach, pages 371{392. TiogaPubl., Palo Alto,
1983.
J.G. Carbonell. Derivational analogy: A theory
of reconstructive problem solving and expertise acquisition. In R.S. Michalsky, J.G. Carbonell, and
T.M. Mitchell, editors, Machine Learning: An Articial Intelligence Approach, pages 371{392. Morgan
Kaufmann Publ., Los Altos, 1986.
M. Gordon, R. Milner, and C.P. Wadsworth. Edinburgh LCF: A Mechanized Logic of Computation.
Lecture Notes in Computer Science 78. Springer,
Berlin, 1979.
J.T. Hesketh. Using Middle-Out Reasoning to Guide
Inductive Theorem Proving. Unpublished PhD
thesis, University of Edinburgh, 1991.
Analogy in CLAM
45
[Huang et al 94a]
X. Huang, M. Kerber, M. Kohlhase, E. Melis, D. Nesmith, J. Richts, and J. Siekmann. Omega-MKRP:
A Proof Development Environment. In Proc. 12th
International Conference on Automated Deduction
(CADE), Nancy, 1994.
X. Huang, M. Kerber, M. Kohlhase, and J. Richts.
Methods - the basic units for planning and verifying proofs. In Proceedings of Jahrestagung fur
Kunstliche Intelligenz, Saarbrucken, 1994. Springer.
D. Hutter. Guiding inductive proofs. In M.E.
Stickel, editor, Proc. of 10th International Conference on Automated Deduction (CADE), volume Lecture Notes in Articial Intelligence 449. Springer,
1990.
D. Hutter. Synthesis of induction orderings for
existence proofs. In A. Bundy, editor, Proc. of
12th International Conference on Automated Deduction (CADE), Lecture Notes in Articial Intelligence
814, pages 29{41. Springer, 1994.
A. Ireland and A. Bundy. Productive use of failure
in inductive proof. Technical report, Department of
AI Edinburgh, 1994. Available from Edinburgh as
DAI Research Paper 716.
Th. Kolbe and Ch. Walther. Reusing proofs. In
Proceedings of ECAI-94, Amsterdam, 1994.
Th. Kolbe and Ch. Walther. Patching proofs for
reuse. In N. Lavrac and S. Wrobel, editors, Proceedings of the 8th European Conference on Machine
Learning 1995, Kreta, 1995.
I. Kraan. Proof Planning for Logic Program Synthesis. Unpublished PhD thesis, University of Edinburgh, 1994.
P. Madden. Automated Program Transformation
Through Proof Transformation. Unpublished PhD
thesis, University of Edinburgh, 1991.
E. Melis. A model of analogy-driven proof-plan
construction. In Proceedings of the 14th Interna-
[Huang et al 94b]
[Hutter 90]
[Hutter 94]
[Ireland & Bundy 94]
[Kolbe & Walther 94]
[Kolbe & Walther 95]
[Kraan 94]
[Madden 91]
[Melis 95]
Analogy in CLAM
46
tional Joint Conference on Articial Intelligence,
Montreal, 1995.
[vanHarmelen et al 93]
F. van Harmelen, A. Ireland, S.Negrete, A. Stevens,
and A. Smail. The CLAM proof planner, user
manual and programmers manual. Technical Report
version 2.0, University of Edinburgh, Edinburgh,
1993.
[Veloso 94]
M.M. Veloso. Planning and Learning by Analogical
Reasoning. Springer, Berlin, New York, 1994.
[Villaorita & Sebastiani 94] A. Villaorita and R. Sebastiani. Proof planning by
abstraction. In Proceedings ECAI-94 workshop on
interactive systems, Amsterdam, 1994.